diff --git a/apps/authz/Makefile b/apps/authz/Makefile
index d6ab2b6c7..52daf9482 100644
--- a/apps/authz/Makefile
+++ b/apps/authz/Makefile
@@ -32,18 +32,15 @@ authz/test/e2e:
 # === Open Policy Agent & Rego ===
 
 authz/rego/compile:
-	rm -rf ${AUTHZ_PROJECT_DIR}/src/app/opa/build
-
-	mkdir -p ${AUTHZ_PROJECT_DIR}/src/app/opa/build
-	
+	rm -rf ./rego-build
+	mkdir -p ./rego-build
 	opa build \
 		--target wasm \
 		--entrypoint main/evaluate \
 		--bundle ${AUTHZ_PROJECT_DIR}/src/app/opa/rego \
 		--ignore "__test__" \
-		--output ${AUTHZ_PROJECT_DIR}/src/app/opa/build/policies.tar.gz
-
-	tar -xzf ${AUTHZ_PROJECT_DIR}/src/app/opa/build/policies.tar.gz -C ${AUTHZ_PROJECT_DIR}/src/app/opa/build
+		--output ./rego-build/policies.gz
+	tar -xzf ./rego-build/policies.gz -C ./rego-build/
 
 authz/rego/wasm:
 	npx ts-node \
@@ -63,6 +60,7 @@ authz/rego/bundle:
 authz/rego/eval:
 	opa eval \
 		--format="pretty" \
+		--target="wasm" \
 		--bundle ${AUTHZ_PROJECT_DIR}/src/app/opa/build/policies.tar.gz \
 		--input ${AUTHZ_PROJECT_DIR}/src/app/opa/rego/input.json \
 		'data.main.evaluate'
diff --git a/apps/authz/src/app/app.service.ts b/apps/authz/src/app/app.service.ts
index 231c2566a..7283bb047 100644
--- a/apps/authz/src/app/app.service.ts
+++ b/apps/authz/src/app/app.service.ts
@@ -85,7 +85,7 @@ export class AppService {
 
   #finalizeDecision(response: OpaResult[]) {
     const firstResponse = response[0]
-    if (firstResponse.decision === 'forbid' && !firstResponse.reasons?.every((r) => r.decision === 'forbid')) {
+    if (firstResponse.decision === 'forbid' && firstResponse.reasons?.every((r) => r.decision === 'forbid')) {
       return {
         originalResponse: firstResponse,
         decision: NarvalDecision.Forbid